Trust Assessment
document-creator-sophnet received a trust score of 18/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 0 critical, 3 high, 5 medium, and 2 low severity. Key findings include "Unsafe deserialization / dynamic eval", "Missing required field: name", and "Suspicious import: requests".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 49/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential data exfiltration: file read + network send** Function 'upload_file' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/yi-sir/document-creator-sophnet/document_creator.py:48 |
| HIGH | **Potential data exfiltration: file read + network send** Function 'upload_file' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/yi-sir/document-creator-sophnet/document_creator_skill.py:45 |
| HIGH | **Potential Arbitrary File Upload (Data Exfiltration)** The skill's documentation (`SKILL.md`) explicitly states that it supports a `file_path` parameter for uploading local files, with a usage example `openclaw document-creator /path/to/your/file.txt`. The `document_creator_skill.py` file contains an `upload_file` function that takes a `file_path` argument and uploads its content to `https://www.sophnet.com`. While the visible portion of the `handle_document_creation` function in `document_creator_skill.py` only appears to upload files generated by the skill itself, the explicit documentation and the presence of the `upload_file` function create a high risk that an attacker could provide an arbitrary `file_path` to the skill, leading to the exfiltration of sensitive files from the agent's environment. The truncation of `document_creator_skill.py` prevents a full analysis of how the `file_path` parameter from the command line is handled. Clarify the skill's intended behavior. If arbitrary file upload is not intended, remove the `file_path` parameter from `SKILL.md` and ensure the skill's entry point does not accept or process such a parameter for direct upload. If arbitrary file upload is intended, implement strict validation and sandboxing to restrict which files can be uploaded (e.g., only files within a specific temporary directory, or only files explicitly generated by the skill). | LLM | SKILL.md:23 |
| MEDIUM | **Unsafe deserialization / dynamic eval** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/yi-sir/document-creator-sophnet/document_creator.py:122 |
| MEDIUM | **Missing required field: name** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/yi-sir/document-creator-sophnet/SKILL.md:1 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/yi-sir/document-creator-sophnet/document_creator.py:9 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/yi-sir/document-creator-sophnet/document_creator_skill.py:8 |
| MEDIUM | **Unpinned npm dependency version** Dependency 'python-docx' is not pinned to an exact version ('^1.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/yi-sir/document-creator-sophnet/package.json |
| LOW | **Node lockfile missing** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/yi-sir/document-creator-sophnet/package.json |
| LOW | **Unpinned or Loosely Pinned Dependencies** The `package.json` file uses caret (`^`) version specifiers for its Python dependencies (`python-docx`, `python-pptx`, `requests`). This allows `pip` to install any compatible minor or patch version, which could potentially introduce new vulnerabilities or breaking changes if a malicious or buggy update is released for one of these libraries. For security-sensitive applications, pinning to exact versions (`==`) is generally recommended to ensure deterministic builds and reduce the attack surface from upstream changes. Pin all dependencies to exact versions (e.g., `"python-docx": "==1.1.0"`) to ensure deterministic builds and prevent unexpected changes from upstream packages. Regularly audit and manually update dependencies. | LLM | package.json:13 |